Skip to content

Commit 18443e3

Browse files
author
Felicity Chapman
authored
Merge pull request #1425 from markshannon/python-points-to-change-note
Python: Change note for new points-to implementation.
2 parents 2622df0 + ff5e4d1 commit 18443e3

File tree

1 file changed

+28
-2
lines changed

1 file changed

+28
-2
lines changed

change-notes/1.21/analysis-python.md

Lines changed: 28 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -3,8 +3,34 @@
33

44
## General improvements
55

6-
> Changes that affect alerts in many files or from many queries
7-
> For example, changes to file classification
6+
Points-to analysis has been re-implemented to support more language features and provide better reachability analysis.
7+
The new implementation adds the following new features:
8+
9+
* Non-local tracking of bound methods and instances of `super()`
10+
* Superior analysis of conditionals and thus improved reachability analysis.
11+
* Superior modelling of descriptors, for example, classmethods and staticmethods.
12+
* Superior tracking of values through parameters, especially `*` arguments.
13+
14+
A new object API has been provided to complement the new points-to implementation.
15+
A new class `Value` replaces the old `Object` class. The `Value` class has a simpler and more consistent API compared to `Object`.
16+
Some of the functionality of `FunctionObject` and `ClassObject` has been added to `Value` to reduce the number of casts to more specific classes.
17+
For example, the QL to find calls to `os.path.open` has changed from
18+
`ModuleObject::named("os").attr("path").(ModuleObject).attr("join").(FunctionObject).getACall()`
19+
to
20+
`Value::called("os.path.join").getACall()`
21+
22+
The old API is now deprecated, but will be continued to be supported for at least another year.
23+
24+
### Impact on existing queries.
25+
26+
As points-to analysis underpins many queries, and provides the call-graph and reachability analysis required for taint-tracking, the results of many queries may change.
27+
28+
The improved reachability analysis and non-local tracking of bound methods may identify new results.
29+
The increased precision in tracking of values through `*` arguments may remove false positive results.
30+
31+
Overall the number of true positive results should increase and the number false negative results should decline.
32+
We welcome feedback on the new implementation, particularly any surprising changes in results.
33+
834

935
## New queries
1036
| **Query** | **Tags** | **Purpose** |

0 commit comments

Comments
 (0)